Fear the Droid!
by Clint Adams, Fiberlink
All indications are that Smartphones with Google’s Android-based Mobile Operating Systems are winning the market share battle and are poised to be the overall market leader in a few short months. For any individuals responsible for provisioning, configuring, securing and supporting mobile devices, this trend, coupled with the very strong desire of information workers to use personal devices for work, should be very troubling. The decision to approve the use of Android devices for access to corporate email and collaboration applications is not to be taken lightly.
So what are the issues? Is this as big a deal as some of the security geeks say it is? Are the security and MDM vendors just trying to get you to spend more money?
Let’s take a look.
Device Encryption – To many, the only feature that is absolutely essential. There have been comments that encryption is not required if you have decent policy management and can force a password to the device. Really, I am sure the Black Hats hired by your competition would have a field day with an unencrypted device lifted from the laptop bag of your CEO.
Limited Mobile Device Management Choices – The scramble is on among the entrenched MDM vendors and a number of upstarts to bring critical MDM capabilities to the Android. With the release of Android 2.2, there is now a framework that can accommodate the creation of some of the more essential MDM features. At this point in time, real MDM solutions for the Android are essentially non-existent or are very limited in what they can actually do on the platform. The pace at which Google releases software and the number of OS capabilities that have changed in recent months have not been matched by these third parties. We are looking at at least two more[PP1] quarters before there are stable and capable MDM solutions from trusted partners to acquire and deploy.
Android as a Malware Target – The uptick in market share is bound to get the attention of the malware community. Financially motivated malware is already a threat, but the incredible device volumes, the openness of the platform and some of the inherent OS and application vulnerabilities make the Android devices an attractive target.
Carrier Inconsistency – Of all the participants in the Android saga, the Carriers have done way more damage than good. Across Carriers and even within specific Carriers there has been an inconsistent approach to how the Android OS is implemented. Certain capabilities are missing or restricted and application support is inconsistent. MG Siegler at Techcrunch has interesting perspective on the Carrier influence over the Android platform.
Personal Choice – This is the game changer. Instead of a select few with access to corporate email on locked down BlackBerrys, the possibility that 10 times as many could be doing the same from iPhones and Androids is a real possibility. This represents completely new territory in IT Service and Device Management disciplines and processes. Managing through these issues will be critical to maintaining a well run IT shop.
Support Nightmare – How to support Android devices, personal or corporate owned? Once any device is approved for corporate email access, calls will arrive at your service desk and end user expectations will require some kind of reasonable response. Which versions of Android can you reasonably support and how will the front line support staff get up to speed on these devices?
A Confused and Unhelpful Analyst Community – This is the fun part. Analysts are tripping all over themselves to have a voice in Android discussion. I recently saw a quote on the lack of device encryption; “This is not a deal breaker with our clients,” said Gartner’s Dulaney. “In fact, some of our clients like that it is not there.” There are more than a few that would disagree. The reality is that no one is currently qualified to make recommendations to the enterprise buyer in a world where analyst recommendations are a critical ingredient in the decision process.
Number of Variations to Support – Unlike the iPhone, there seem to be infinite variations and permutations of the Android OS. Each handset manufacturer and Carrier applies their own “special sauce,” configurations and companion software (or lack thereof). Add to this five or so OS versions across a myriad of devices. Consider that until Android 2.2, there was not even a consistent software solution for connecting to an Exchange server. All this represents incredible challenges for MDM and Security solution vendors as well as Enterprise IT support functions.
It seems clear that there is plenty of risk to go around in allowing Android devices access to corporate resources. The risk/reward decision-making process will be different for each enterprise situation and will be largely based on intuition since the standards and guidelines to help guide the process are limited.
Given this uncertainty, all I can offer is: proceed with caution, and Good Luck!
Reduce the risk of P2P Applications with MaaS360 Peer2Peer Terminator!
Get started with your free copy of MaaS360 Peer2Peer Terminator today! Click here to download.
about 1 year ago
Clint,
Great post and spot on predictions on the perfect storm happening around smartphones – proliferation of platforms, explosion of penetration and lack of platform provided management solutions.
1. Android is now selling at or above iPhone depending on region. Blackberry as the incumbent still has a large footprint. So a minimum of three major platforms plus possibly Windows, Palm, Symbian.
2. Carrier penetration of smartphones is going from low teens in the mix to +50-80% over the next 18 months and aside from iPhones in dedicated carriers, this is mostly driven by Android based devices. Carrier customer care costs will skyrocket without adequate real-time device management solutions.
3. Blackberry has BES – no change. Apple via APIs in iOS4 has left open for MDM vendors the market opportunity to develop a solution while Android has been largely absent on the topic of mobile device management. Even if the platform vendors all provided unique management solutions, customers – carriers and enterprises – need a single pane of glass to manage the complexity, not multiple panes of glass.
So what does an MDM solution need to provide:
1. A mobile device management solution must support Android, iPhone and Blackberry across the carrier and enterprise spectrum, scaling to millions of devices not hundereds. You can’t fully manage a device and its data without this breadth from enterprise to carrier.
2. It must allow for carrier-unique configurations on Android. For enterprise, at a minimum, policy enforcement and base security in Lock and Wipe for data protection across all devices. In the enterprise, securing corporate data is the driving risk to mitigate. Any MDM solution for the enterprise must provide multi-tenancy support to provide secure segregation of customer data as more and more enterprises move to Cloud-based SaaS models for device management, whether through carrier offerings or Manage Service Providers.
3. It must allow for enterprise application management and configuration because it’s not just about securing data but controlling the applications that create and access the data.
As CEO for Mformation Technologies, I can assure anyone worried about the smartphone revolution that there are answers available today to all of these problems. We have been delivering market leading and patented Over the Air mobile device management solutions for nearly 10 years now. With customers representing over 600 million users globally, including some of the largest customers on the planet, we have the experience, scale and proof of technology to address this perfect smartphone storm and bridge between your enterprise and your carrier.
So go ahead, evolve to a better user experience with a smartphone, whether an iPhone, Android or BlackBerry and tell your CIO to call us.
Todd
about 1 year ago
Todd,
Thanks for the feedback and congratulations on your partnership agreement with HP. Further validates the MDM category and mFormation’s experience in the space.
Have a look at my latest blog post at blog.maas360.com that calls out the need for the rationalization of MDM requirement around the Blackberry Enterprise Server as a baseline standard.
Enterprises have come to depend on the Blackberry Enterprise Server to secure Blackberry devices and will expect nothing less than what the BES provides in other solutions.
Clint…..